Surviving the Week 07/27/2012

CodeIgniter 2.1.1 Cross Site Scripting Bypass

CodeIgniter is an open source Web Application Framework that helps authors write PHP applications. Version 2.1.1 of CodeIgniter suffers from a cross site scripting filter bypass vulnerability.

Filtering alone is not a good approach to protecting against cross site scripting attacks. Cross site scripting is a very common attack with a high success rate. Test your application with NTOSpider to verify whether it is XSS proof.

Drupal Location 6.x / 7.x Access Bypass

Drupal is a free and open-source content management system (CMS) and content management framework (CMF) written in PHP. It is used as a back-end system for at least 2.1% of all websites worldwide, ranging from personal blogs to corporate, political, and government sites including whitehouse.gov and data.gov.uk. It is also used for knowledge management and business collaboration. Versions 6.x and 7.x of the third-party Drupal Location module suffer from an access bypass vulnerability.

Record number of phishing websites in the wild

Is it any surprise that the USA remains the top nation for hosting phishing-based trojans? If this were an Olympic event, we’d get an easy gold! Also, China continues to be the most affected country. Another gold winner!

http://www.net-security.org/secworld.php?id=13302